
Module osquery



Author: Michael Cohen <scudette@google.com>

Classes
  OSQuery
Runs the OSQuery query and emits the results.
Variables
  __author__ = 'Michael Cohen <scudette@google.com>'
The OSQuery plugin can capture the results of osquery queries and store them in Rekall result collections.
  __package__ = 'rekall.plugins.response'
Variables Details

__author__

The OSQuery plugin can capture the results of osquery queries and store them in Rekall result collections.

Note that we do not actually process the query itself; we just relay the query to osqueryi and then write its output to a collection to be uploaded. We therefore need to have osqueryi installed somewhere on the path.

Value:
'Michael Cohen <scudette@google.com>'